A major cyber-attack dubbed ‘Petya’ hit central banks and many large corporations in Europe, the Middle-East and the US, creating havoc for employees and customers alike. It is the second major global ransomware attack in the last two months, after WannaCry.
Operations at one of the three terminals of India’s largest container port Jawaharlal Nehru Port (JNPT) were also impacted on Tuesday night as a fallout of the global ransomware attack.
What is Petya ransomware
Petya is a vicious form of ransomware that locks a computer's hard drive as well as the individual files stored on it. Information is harder to recover from computers affected by this ransomware, and it can also be used to steal sensitive information. The ransomware takes over computers and demands $300, paid in Bitcoin.
#Petya encrypts ON BOOT. If you see CHKDSK message your files not yet encrypted, power off immediately. You can recover with LiveCD. pic.twitter.com/nKL4Xixjn9
— Hacker Fantastic (@hackerfantastic) June 27, 2017
Once a computer is infected, the malicious software spreads rapidly across the organization, either by using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone has installed it) or through two Windows administrative tools.
How far has the ransomware spread?
The attack targeted around 2,000 computers in around a dozen countries including the UK, US, France and Germany. State-run and public organisations were affected, as both the global advertising giant WPP and the Ukrainian National Bank reported problems. Ukraine too was affected and the Chernobyl nuclear power plant systems were reportedly switched to manual as a precautionary measure.
If you are infected with Petya and your machine has crashed/powered off. DO NOT POWER UP. Use a LiveCD or external machine to recover files
— Hacker Fantastic (@hackerfantastic) June 27, 2017
However, the perpetrators of the attack have not been identified to date.
What should a person do if he/she gets affected by the ransomware?
Victims should never pay the ransom as the attackers get emboldened by such actions. The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, one can switch off the computer to prevent the files from being encrypted.
The best thing in such a scenario is to restore the various files from a backup. One needs to disconnect the PC from the internet and reformat the hard drive. Further, it is also advisable for people to keep their anti-virus software up to date.